Monday, December 30, 2013

30C3 CTF 2013 - Sandbox 300 PyExec writeup

Description

PyExec running on http://88.198.89.213:8080

We are given the source of a Python jail and need to execute code to get the flag.

Before execution, however, almost all Python keywords are filtered out and the input is checked against a regex: only lowercase letters, digits and a few other characters are allowed (parentheses, brackets, quotes and the dot are prohibited!).

Given this, it is possible to bypass the first (keyword) filter, but without a dot, parentheses and quotes it is hard to call functions at all (it can be done using exec and by redefining Python's string.punctuation, etc.).